Magnus Hagander wrote: > > > > I think any secure solution is going to have to block all write > > > > access to postgresql.conf, and that includes all the COPY > > TO and all > > > > the untrusted languages. > > > > > > Exactly. But we won't get that for 8.1. So for now, we > > block all write > > > access through *new* functions, per the "let's at least not > > add more > > > security holes" rule. > > > > As far as I know, the only new functionality the patch adds > > _over_ copy is the ability to write nulls, and rename/unlink. > > Should we just throw an error when writing null bytes? > > Um. Yes. This patch goes one step further and allows you to block the > writing of *any* file using these functions. The question is wether that > one step further is far enough..
I am thinking we can just block null byte writes and say it is the same as COPY, which we have always used. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly